System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session

ABSTRACT

A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

FIELD OF THE INVENTION

The present invention relates to data loss prevention, and more particularly to preventing data loss by preventing access to data.

BACKGROUND

In the past, security systems have been developed for preventing data loss. For example, such data loss has generally included the unauthorized or otherwise unwanted disclosure of data (e.g. confidential data, etc.). However, security systems have exhibited various limitations in preventing data loss. For example, security systems have conventionally been deficient in preventing data loss due to remote data sharing.

There is thus a need for addressing these and/or other issues associated with the prior art.

SUMMARY

A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a network architecture, in accordance with one embodiment.

FIG. 2 shows a representative hardware environment that may be associated with the servers and/or clients of FIG. 1, in accordance with one embodiment.

FIG. 3 shows a method for preventing access to data associated with a data access attempt, in accordance with one embodiment.

FIG. 4 shows a method for preventing access to a uniform resource locator (URL) associated with remote desktop sharing, in accordance with another embodiment.

FIG. 5 shows a method for preventing access to data based on an application that initiated a data access request, in accordance with yet another embodiment.

FIG. 6 shows a method for preventing access to data based on a fingerprint of the data, in accordance with still yet another embodiment.

DETAILED DESCRIPTION

FIG. 1 illustrates a network architecture 100, in accordance with one embodiment. As shown, a plurality of networks 102 is provided. In the context of the present network architecture 100, the networks 102 may each take any form including, but not limited to a local area network (LAN), a wireless network, a wide area network (WAN) such as the Internet, peer-to-peer network, etc.

Coupled to the networks 102 are servers 104 which are capable of communicating over the networks 102. Also coupled to the networks 102 and the servers 104 is a plurality of clients 106. Such servers 104 and/or clients 106 may each include a desktop computer, lap-top computer, hand-held computer, mobile phone, personal digital assistant (PDA), peripheral (e.g. printer, etc.), any component of a computer, and/or any other type of logic. In order to facilitate communication among the networks 102, at least one gateway 108 is optionally coupled therebetween.

FIG. 2 shows a representative hardware environment that may be associated with the servers 104 and/or clients 106 of FIG. 1, in accordance with one embodiment. Such figure illustrates a typical hardware configuration of a workstation in accordance with one embodiment having a central processing unit 210, such as a microprocessor, and a number of other units interconnected via a system bus 212.

The workstation shown in FIG. 2 includes a Random Access Memory (RAM) 214, Read Only Memory (ROM) 216, an I/O adapter 218 for connecting peripheral devices such as disk storage units 220 to the bus 212, a user interface adapter 222 for connecting a keyboard 224, a mouse 226, a speaker 228, a microphone 232, and/or other user interface devices such as a touch screen (not shown) to the bus 212, communication adapter 234 for connecting the workstation to a communication network 235 (e.g., a data processing network) and a display adapter 236 for connecting the bus 212 to a display device 238.

The workstation may have resident thereon any desired operating system. It will be appreciated that an embodiment may also be implemented on platforms and operating systems other than those mentioned. One embodiment may be written using JAVA, C, and/or C++ language, or other programming languages, along with an object oriented programming methodology. Object oriented programming (OOP) has become increasingly used to develop complex applications.

Of course, the various embodiments set forth herein may be implemented utilizing hardware, software, or any desired combination thereof. For that matter, any type of logic may be utilized which is capable of implementing the various functionality set forth herein.

FIG. 3 shows a method 300 for preventing access to data associated with a data access attempt, in accordance with one embodiment. As an option, the method 300 may be carried out in the context of the architecture and environment of FIGS. 1 and/or 2. Of course, however, the method 300 may be carried out in any desired environment.

As shown in operation 302, a data access attempt associated with a remote data sharing session is identified. In the context of the present description, the data may include information, code, and/or anything else capable of being associated with a remote data session. In various embodiments, the data may include any number of documents, electronic mail (email) messages, programs, uniform resource locators (URLs), etc. Additionally, the data may be stored on a client, a server, and/or any other device (e.g. such as any of the devices described above with respect to FIGS. 1 and/or 2, etc.).

To this end, the data access attempt may include any attempt associated with a remote data sharing session to access data. For example, the data access attempt may include a request to access the data. In other examples, the data access attempt may include an attempt to open the data, read the data, write to the data, copy the data, attach the data to other data (e.g. an email), display the data utilizing a liquid crystal display (LCD) projector, etc.

In the context of the present description, the remote data sharing session may include any session in which the data may be shared remotely, where the term remotely indicates the involvement of any device separate from the device on which the data is stored, etc. For example, the remote data sharing session may, in one embodiment, include a time period in which remote data sharing is enabled. As an option, the data may be shared remotely by viewing the data remotely, interacting with the data remotely, etc. In one embodiment, such remote data sharing may include any displaying, presenting, etc. of data located at a first location to a remote second location. Just by way of example, the remote data sharing may include sharing a desktop display with a remote computer, sharing the data with a projector (e.g. LCD projector, etc.) which projects the data, etc.

Moreover, the remote data sharing session may be associated with (e.g. facilitated by, etc.) a remote data sharing application. For example, the remote data sharing application may include a remote desktop application (e.g. Microsoft® Office Live Meeting, Citrix® GoToAssist®, etc.). Thus, the remote data sharing application may optionally be capable of sharing data remotely from a first device with a second device. As an option, the data access attempt may be associated with the remote data sharing session by being initiated via the remote data sharing session (e.g. via a command executed during the remote data sharing session). As another option, the data access attempt may include an attempt to access the remote data sharing session, the remote data sharing application associated with such session and/or any other aspect associated with the remote data sharing session.

To this end, the data access attempt may be initiated manually (e.g. by a user), in one embodiment. In another embodiment, the data access attempt may be initiated automatically (e.g. via an application, etc.). As described above, the data access attempt may also be initiated via the remote data sharing session.

Further, the data access attempt may be identified in any desired manner. In one embodiment, the data access attempt may be identified utilizing a client (e.g. on which the data is stored, etc.). In this way, the client may identify data access attempts initiated at the client. For example, the data access attempt may be identified utilizing an agent installed on the client, which monitors data access attempts.

As another example, the data access attempt may be identified utilizing a plug-in, add-in, etc. to an application (e.g. web browser, word processing application, data sharing application, etc.) associated with, installed on, etc. the client. As an option, such application may be the source of the data access attempt, an application utilized in accessing the data, an application utilized for sharing the data remotely, etc. Thus, each of a plurality of applications associated with the client may be associated with a separate plug-in, etc. As another option, the plug-in, etc. may be continuously active when the application is running (e.g. being executed).

In another embodiment, the data access attempt may be identified utilizing a gateway. For example, the gateway may identify the data access attempt based on network traffic received over a network (e.g. such as any of the networks described above with respect to FIG. 1). As an option, such gateway may similarly utilize an agent, plug-in, etc. for identifying the data access attempt.

As also shown, access to the data is prevented. Note operation 304. In the context of the present description, the access of operation 304 may include any access associated with (e.g. requested in conjunction with, etc.) the data access attempt. In various embodiments, the access may be prevented by blocking the access, disallowing the access, denying a request associated with the data access attempt, disallowing network traffic associated with the data access attempt, etc. Of course, however, the access to the data may be prevented in any desired manner.

In one embodiment, the access may be prevented, if it is determined that the data matches predetermined data. Such predetermined data may include known confidential data (e.g. data predetermined to be confidential, etc.). In another embodiment, the access may be prevented, if it is determined that a fingerprint (e.g. hash, etc.) of the data matches a predetermined fingerprint, such as a fingerprint of known confidential data, for example.

In yet another embodiment, the access may be prevented, if it is determined that a remote data sharing application associated with the remote data sharing session is predetermined to be disallowed from accessing the data. For example, a user may configure (e.g. predefine, etc.) remote data sharing applications allowed to and/or disallowed from accessing data. As an option, such remote data sharing applications may be predetermined with respect to each of a plurality of instances of different data, with respect to locations of data capable of being accessed, with respect to categories of data capable of being accessed (e.g. file types, etc.), and/or with respect to any data capable of being accessed.

In still yet another embodiment, the access may be prevented based on a determination of whether the remote data sharing session is enabled. For example, if the remote data sharing session is enabled, access to the data may be prevented. Of course, however, preventing access to the data may be based on any desired criteria.

To this end, such access to data may be prevented in any desired manner. In one embodiment, such access prevention may eliminate unwanted loss, disclosure, etc. of the data via the remote data sharing session. For example, preventing access to the data may prevent the data from being presented, displayed, etc. to a remote device utilizing remote data sharing techniques associated with the remote data sharing session. Accordingly, in addition to optionally educating users on potential data leakage via remote data sharing sessions, such data leakage may also be limited by preventing access to data when a data access attempt is associated with a remote data sharing session.

More illustrative information will now be set forth regarding various optional architectures and features with which the foregoing technique may or may not be implemented, per the desires of the user. It should be strongly noted that the following information is set forth for illustrative purposes and should not be construed as limiting in any manner. Any of the following features may be optionally incorporated with or without the exclusion of other features described.

FIG. 4 shows a method 400 for preventing access to a uniform resource locator (URL) associated with remote desktop sharing, in accordance with another embodiment. As an option, the method 400 may be carried out in the context of the architecture and environment of FIGS. 1-3. Of course, however, the method 400 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.

As shown in operation 402, it is determined whether a URL access request has been issued. In the context of the present embodiment, the URL access request may include a request to access content (e.g. web content, etc.) associated with a URL. In one embodiment, the URL access request may be issued via a web browser. For example, the URL access request may be issued based on a user selection of a web link on a web page displayed via the web browser, a user entry of the URL into the web browser, etc.

Further, the URL access request may be identified utilizing an agent installed on a client via which the URL access request is issued. In another embodiment, the URL access request may be identified utilizing a plug-in, add-in, etc. associated with the web browser via which the URL access request is issued. In yet another embodiment, the URL access request may be identified utilizing a plug-in, add-in, etc. associated with an application enabled for remotely sharing data. In still yet another embodiment, the URL access request may be identified utilizing an agent, plug-in, etc. installed on a gateway (e.g. via which the URL access request is communicated over a network, etc.).

In response to a determination that the URL access request has been issued, the URL is compared to known URLs associated with remote desktop sharing. Note operation 404. Such known URLs may include any URLs predetermined to be associated with remote desktop sharing. For example, the known URLs may include a location on a network of a remote desktop sharing application capable of being utilized for remotely sharing a desktop. Optionally, such known URLs may be predetermined based on a user configuration, based on an automatic configuration (e.g. web crawler, etc.).

In one embodiment, the known URLs may be stored in a library of known URLs. In another embodiment, the known URLs may be stored on the client via which the URL access request is initiated. In yet another embodiment, the known URLs may be stored at a central location (e.g. central server, etc.) capable of being accessed by the client and/or gateway. Optionally, the URL may be compared to the known URLs by comparing any portion or an entirety of the URL with any respective portion or entirety of the known URLs.

It is further determined whether the URL matches any of the known URLs, as shown in decision 406. To this end, such determination may be based on the comparison of the URL with the known URLs. If it is determined that the URL does not match any of the known URLs, access to the URL is allowed. Note operation 412. Such access may include the access requested by the URL access request. In one embodiment, content associated with the URL, such as a web page, may be allowed to be presented. In another embodiment, the URL access request may be allowed to be sent to a destination (e.g. web server, etc.) associated with the request.

If however, it is determined that the URL matches one of the known URLs, access to the URL is prevented. Note operation 408. In one embodiment, content associated with the URL may be prevented from being presented. In another embodiment, the URL access request, such as network traffic associated with such URL access request, may be prevented from being communicated to the destination associated with the request. As an option, access to the URL may be prevented utilizing the agent, plug-in, etc. used for identifying the URL access request (as described above in operation 402).

Moreover, it is determined whether access to the URL is manually allowed, as shown in operation 410. In one embodiment, manually allowing access to the URL may include a user selecting (e.g. via a user interface) to allow the access. The user may include any user authorized to manually allow such access. For example, in response to preventing access to the URL (operation 408), a notification may be communicated to the user. Additionally, such notification may include an option capable of being selected by the user for manually allowing access to the URL.

In another embodiment, access to the URL may be manually allowed based on a predefined list of URLs to which access is allowed. For example, a user may configure a list of URLs associated with remote desktop sharing to which access is allowed. Thus, if the URL matches a URL in the predefined list of URLs to which access is allowed, access to the URL may be manually allowed.

In response to a determination that access to the URL is manually allowed, access to the URL is allowed, as shown in operation 412. To this end, access to a URL may be allowed automatically if the URL does not match known URLs associated with remote desktop sharing or manually as desired by a user. Still yet, it may be continuously determined whether access to the URL is manually allowed (e.g. for a predefined time period, etc.). In this way, access to the URL may optionally be allowed at any time after access to the URL is prevented.
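
The decision flow of method 400 (operations 402 to 412) can be sketched as follows. This is an added example, not code from the patent; the list entries, the function names and the choice to match on parsed host name plus path prefix (one reading of "any portion or an entirety of the URL") are assumptions.

```python
from urllib.parse import urlsplit

# Constructed entries for illustration; a real deployment would load these
# from the library of known URLs (client-side or central server).
KNOWN_SHARING_URLS = ["desktop-share.example.com", "meet.example.net/share"]
# Predefined list of sharing URLs to which access is allowed (operation 410).
MANUALLY_ALLOWED_URLS = ["desktop-share.example.com/helpdesk"]


def _host_and_path(value):
    """Return (host, path) for a full URL or a 'host[/path]' list entry."""
    if "://" not in value:
        value = "//" + value          # let urlsplit treat the start as netloc
    try:
        parts = urlsplit(value)
    except ValueError:                # malformed authority, e.g. bad IPv6
        return "", "/"
    host = (parts.hostname or "").rstrip(".").lower()
    return host, parts.path or "/"


def url_matches(url, entry):
    """Compare a requested URL with one list entry (operation 404).

    The host must equal the entry host or be a subdomain of it, and the
    path must start with the entry path on a segment boundary, so that
    '/share' does not match '/shareholders'.
    """
    host, path = _host_and_path(url)
    e_host, e_path = _host_and_path(entry)
    if not host or not e_host:
        return False
    host_ok = host == e_host or host.endswith("." + e_host)
    e_path = e_path.rstrip("/")
    path_ok = e_path == "" or path == e_path or path.startswith(e_path + "/")
    return host_ok and path_ok


def check_url_request(url, known=KNOWN_SHARING_URLS,
                      allowed=MANUALLY_ALLOWED_URLS):
    """Return (action, reason) for a URL access request."""
    # Decision 406: does the URL match a known remote desktop sharing URL?
    if not any(url_matches(url, k) for k in known):
        return ("allow", "not a known sharing URL")        # operation 412
    # Operation 408 would prevent access here; operation 410 then checks
    # whether access is manually allowed via the predefined list.
    if any(url_matches(url, a) for a in allowed):
        return ("allow", "manually allowed")               # operation 412
    return ("prevent", "known sharing URL")                # operation 408


if __name__ == "__main__":
    for u in ["https://www.example.org/docs",
              "https://Desktop-Share.example.com/join/123",
              "https://desktop-share.example.com/helpdesk/ticket-9",
              "https://meet.example.net/shareholders"]:
        print(u, "->", check_url_request(u))
```

Matching on the parsed host name rather than on a raw substring keeps an unrelated host such as notdesktop-share.example.com from being treated as a match.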

FIG. 5 shows a method 500 for preventing access to data based on an application that initiated a data access request, in accordance with yet another embodiment. As an option, the method 500 may be carried out in the context of the architecture and environment of FIGS. 1-4. Of course, however, the method 500 may be carried out in any desired environment. Again, it should also be noted that the aforementioned definitions may apply during the present description.

In decision 502, it is determined whether a data access request has been issued. In one embodiment, the data access request may include a request to access a document. Just by way of example, the data access request may include a request to open the document. As another example, the data access request may include a request to attach the data to an email, a document, etc.

In another embodiment, the data access request may be issued via an application program interface (API). In yet another embodiment, the data access request may be issued manually by a user, for example, by selecting to open the data. In still yet another embodiment, the data access request may be issued automatically (e.g. via an application requesting to access the data, etc.).

Further, the data access request may be identified utilizing an agent installed on a client via which the data access request is issued. In another embodiment, the data access request may be identified utilizing an agent installed on a gateway (e.g. via which the data access request is communicated over a network, etc.). Of course, however, the data access request may be identified in any manner.

In response to a determination that the data access request has been issued, it is determined whether the data is fingerprinted. Note decision 504. For example, a plurality of predetermined fingerprints may be stored in a database. Further, the database may store additional information with respect to the predetermined fingerprints. For example, the database may store identifiers of applications allowed to be utilized for accessing data associated with each of the predetermined fingerprints, disallowed for use in accessing such data, etc. As an option, the predetermined fingerprints and associated allowed/disallowed applications may be configured by a user.

Table 1 illustrates one example of a database capable of being utilized for storing predetermined fingerprints of data and identifiers of associated applications allowed to be utilized for accessing such data. In this way, the database may be utilized for associating each fingerprint with an application. It should be noted that the database is set forth for illustrative purposes only, and thus should not be construed as limiting in any manner.

TABLE 1

DATA FINGERPRINT    ALLOWED APPLICATION IDENTIFIER
FINGERPRINT_01      APPLICATION_01, APPLICATION_02
FINGERPRINT_02      APPLICATION_02
FINGERPRINT_03      APPLICATION_01

In the context of the present embodiment, such predetermined fingerprints may include fingerprints of various data that have been predefined. As an option, the predetermined fingerprints may indicate data which is at least potentially confidential (e.g. for which unauthorized disclosure is unwanted, etc.). Thus, a fingerprint of the data may be compared with the predetermined fingerprints in the database, such that a match may indicate that the data is fingerprinted.

In response to a determination that the data is fingerprinted, an application that initiated the data access request is identified, as shown in operation 506. Optionally, the application may include an application to be utilized for accessing the data. For example, the application may include an application capable of being utilized for displaying the data. As another option, identifying the application may include identifying a version of the application, identifying a name of the application, identifying a provider of the application, etc.

In one embodiment, the application may be identified based on the data access request. For example, the data access request may include an identifier of the application that issued the request (e.g. a source of the request, etc.). Of course, however, the application may be identified in any manner.

It is further determined whether the identified application is allowed to access the data, as shown in decision 508. In one embodiment, the predetermined fingerprint matching the fingerprint of the data may be identified in the database. Furthermore, application identifiers stored in the database in association with such identified predetermined fingerprint may be identified. Accordingly, the application that issued the data access request may be compared with the identified application identifiers, such that it may be determined whether any such identified application identifiers match the application that issued the data access request.

As an option, the application identifiers in the database associated with a fingerprint may indicate applications predetermined to be allowed to access data associated with the fingerprint. To this end, a match may indicate that the data is allowed to be accessed utilizing the identified application that issued the data access request. As another option, the application identifiers in the database associated with a fingerprint may indicate applications predetermined to be disallowed from accessing data associated with the fingerprint. Thus, a match may indicate that the data is not allowed to be accessed utilizing the identified application that issued the data access request.

In another embodiment, predetermined applications may be determined to be dedicated applications allowed to access any data. For example, such dedicated applications may be predetermined based on a user configuration. As an option, the dedicated applications may include the only applications allowed to access fingerprinted data.

In yet another embodiment, predetermined applications may be disallowed from being utilized during a remote data sharing session. For example, if it is determined that one of the predetermined applications is running, a remote data sharing session may be prevented from being enabled. As another example, if it is determined that a remote data sharing session is enabled, one of the predetermined applications may be prevented from being initiated.

If it is determined that the application that issued the data access request is allowed to access the data, access to the data is allowed. Note operation 510. Such access may include the access requested by the data access request. In one embodiment, the data may be allowed to be presented, displayed, attached, etc. In another embodiment, the data access request may be allowed to be sent to a destination (e.g. server, etc.) associated with the request.

If, however, it is determined that the application that issued the data access request is not allowed to access the data, access to the data may be prevented. Note operation 512. In one embodiment, the data may be prevented from being presented. In another embodiment, the data access request, such as network traffic associated with such data access request, may be prevented from being communicated to the destination associated with the request. As an option, access to the data may be prevented utilizing the agent used for identifying the data access request (as described above in operation 502). Just by way of example, in one embodiment, the data access request may include a request to display the data utilizing a projector, such that data loss may be prevented with respect to a public sharing session associated with an LCD projector, etc.

In this way, for each of a plurality of different fingerprints of various data, applications may be indicated as being allowed to access the data and/or disallowed from accessing the data. Thus, particular data may only be accessible via predefined applications, as desired. In one embodiment, such predefined applications may allow a single agent installed on a client, gateway, etc. to determine whether any of a plurality of different applications may be utilized for accessing data associated with a data access request.

FIG. 6 shows a method 600 for preventing access to data based on a fingerprint of the data, in accordance with still yet another embodiment. As an option, the method 600 may be carried out in the context of the architecture and environment of FIGS. 1-4. Of course, however, the method 600 may be carried out in any desired environment. Again, it should also be noted that the aforementioned definitions may apply during the present description.

As shown in decision 602, it is determined whether remote data sharing is enabled. In one embodiment, it may be determined whether the remote data sharing is enabled based on a determination of whether a remote data sharing application, or any associated processes, are executing. For example, an agent installed on a client may determine whether a remote data sharing application is executing on the client.

In response to a determination that the remote data sharing is enabled, it is determined whether a data access request has been issued, as shown in decision 604. In one embodiment, the data access request may be identified utilizing an agent installed on the client via which the data access request is issued. In another embodiment, the data access request may be identified utilizing a plug-in, add-in, etc. associated with an application via which the data access request is issued. In yet another embodiment, the data access request may be identified utilizing a plug-in, add-in, etc. associated with a remote data sharing application.

If a data access request has been issued, a fingerprint of the data is identified, as shown in operation 606. The fingerprint of the data may be identified by hashing the data, in one embodiment. In another embodiment, the fingerprint of the data may be identified by calculating a value of the data utilizing a predetermined algorithm.

Furthermore, as shown in decision 608, it is determined whether the identified fingerprint matches a known fingerprint. In the context of the present embodiment, the known fingerprint may include any predetermined fingerprint of data. For example, a database may store a plurality of predetermined fingerprints of data. Optionally, such database may be stored locally (e.g. on a client on which the data access request was issued), but of course may also be stored remotely (e.g. at a location central to a plurality of clients on a network). Moreover, the predetermined fingerprints may be of known confidential data.

To this end, determining whether the identified fingerprint matches a known fingerprint may include comparing the identified fingerprint to a plurality of known fingerprints. If it is determined that the fingerprint of the data does not match a known fingerprint (e.g. based on the comparison, etc.), access to the data may be allowed. Note operation 610. For example, the access may include the access requested by the issued data access request (in operation 604). If, however, it is determined that the fingerprint of the data matches a known fingerprint (e.g. based on the comparison, etc.), access to the data may be prevented. Note operation 612.

To this end, data may be prevented from being accessed based on a fingerprint of the data when a remote data sharing session is enabled. In another optional embodiment, if it is determined that the data is already opened prior to enablement of a remote data sharing session, such data may be closed in response to a request to initiate the remote data sharing session. Thus, data loss may be prevented based on various access requests, including, for example, a public sharing session where the data is displayed on an LCD projector, etc.
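
The fingerprint checks of method 500 (decisions 504 to 512, with a database shaped like Table 1) and method 600 (decisions 602 to 612) can be sketched together as follows. This is an added example, not code from the patent; SHA-256 as the hash, the sample documents, the process names and all function names are assumptions, as is allowing access when the data is not fingerprinted (method 500) or when no sharing is enabled (method 600), which the description leaves open.

```python
import hashlib


def fingerprint(data: bytes) -> str:
    """Operation 606: fingerprint the data by hashing it.

    SHA-256 is an assumed choice. A whole-content hash is an exact-match
    fingerprint: only byte-identical data yields the same value.
    """
    return hashlib.sha256(data).hexdigest()


# Constructed sample content standing in for known confidential data.
DOC_A = b"Q3 acquisition plan - CONFIDENTIAL\n"
DOC_B = b"Payroll export - CONFIDENTIAL\n"

# Same shape as Table 1: data fingerprint -> allowed application identifiers.
FINGERPRINT_DB = {
    fingerprint(DOC_A): {"APPLICATION_01", "APPLICATION_02"},
    fingerprint(DOC_B): {"APPLICATION_02"},
}

# Hypothetical process names of remote data sharing applications.
SHARING_PROCESSES = {"remote-share-agent", "screen-presenter"}


def remote_sharing_enabled(running, sharing=SHARING_PROCESSES):
    """Decision 602: is a remote data sharing application executing?

    `running` is a list of process names supplied by the caller (an agent
    would obtain it from the operating system).
    """
    return any(name.lower() in sharing for name in running)


def check_by_application(data, app_id, db=FINGERPRINT_DB):
    """Method 500: decide on the application that issued the request."""
    allowed_apps = db.get(fingerprint(data))          # decision 504
    if allowed_apps is None:
        # Assumption: data that is not fingerprinted is not restricted.
        return ("allow", "data not fingerprinted")
    if app_id in allowed_apps:                        # decision 508
        return ("allow", "application allowed")       # operation 510
    return ("prevent", "application not allowed")     # operation 512


def check_during_sharing(data, running, db=FINGERPRINT_DB):
    """Method 600: decide on the fingerprint while sharing is enabled."""
    if not remote_sharing_enabled(running):           # decision 602
        # Assumption: with no sharing enabled, method 600 does not apply.
        return ("allow", "remote sharing not enabled")
    if fingerprint(data) in db:                       # decision 608
        return ("prevent", "fingerprint is known")    # operation 612
    return ("allow", "fingerprint not known")         # operation 610


if __name__ == "__main__":
    print(check_by_application(DOC_B, "APPLICATION_01"))
    print(check_during_sharing(DOC_A, ["explorer", "Screen-Presenter"]))
    print(check_during_sharing(DOC_A, ["explorer"]))
```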

While various embodiments have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of a preferred embodiment should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.

1. A method, comprising: identifying, by a first computer, a data access attempt by a remote device, the data access attempt associated with a remote data sharing session wherein the remote data sharing session comprises sharing a desktop display of the first computer with the remote device; and automatically preventing access to data associated with the identified data access attempt.
2. The method of claim 1, wherein the data includes a uniform resource locator.
3. The method of claim 1, wherein the data includes a document.
4. (canceled)
5. The method of claim 1, wherein the act of identifying a data access attempt includes utilizing a plug-in to an application that is associated with the data access attempt.
6. The method of claim 1, wherein the act of identifying a data access attempt includes utilizing a plug-in to an application that is used for remote data sharing.
7. The method of claim 1, wherein the remote data sharing session is associated with a remote data sharing application.
8. The method of claim 7, wherein the remote data sharing application is predetermined to be disallowed from accessing the data.
9. The method of claim 8, wherein the remote data sharing application is predetermined to be disallowed from accessing the data, based on a user configuration.
10. The method of claim 1, wherein the act of identifying a data access attempt includes utilizing a client.
11. The method of claim 10, wherein the act of identifying a data access attempt includes utilizing a plug-in to an application installed on the client.
12. The method of claim 1, wherein the act of identifying a data access attempt includes utilizing a gateway.
13. The method of claim 1, further comprising identifying a fingerprint of the data.
14. The method of claim 13, further comprising comparing the fingerprint of the data to a plurality of predetermined fingerprints.
15. The method of claim 14, wherein the plurality of predetermined fingerprints include fingerprints of known confidential data.
16. The method of claim 14, wherein the plurality of predetermined fingerprints are each associated with an application.
17. The method of claim 14, wherein the act of automatically preventing access to the data includes preventing access to the data based on the comparison.
18. The method of claim 1, wherein the act of automatically preventing access to the data includes preventing access to the data if it is determined that a fingerprint of the data matches a predetermined fingerprint.
19. The method of claim 1, wherein the act of automatically preventing access to the data includes preventing access to the data if it is determined that the data matches predetermined data.
20. A computer program product embodied on a non-transitory computer readable medium, comprising: computer code for identifying a data access attempt by a remote device at a first computer, the data access attempt associated with a remote data sharing session wherein the remote data sharing session comprises sharing a desktop display of the first computer with the remote device; and computer code for automatically preventing access to data associated with the identified data access attempt.
21. A system, comprising: a memory; and a processor operatively coupled to the memory, the processor adapted to execute program code stored in the memory to: identify a data access attempt by a remote device at a first computer, the data access attempt associated with a remote data sharing session, wherein the remote data sharing session comprises sharing a desktop display of the first computer with the remote device, and automatically prevent access to data associated with the identified data access attempt.
22-24. (canceled)